Support better entropy performance on vagrant VMs

Details

Description

Currently the vagrant-puppet deployment use Virtualbox as VM provider. The visualized hardware in Virtualbox does not have good performance on entropy generation since such randomness often collected from hardware sources.
The poor entropy performance directly impact the use in cryptography or use that required random data, which in our case is kerberos. In order to test our code snipes for real world usage instead of suffering on virtual machines, we can improve the entropy performance on VMs using rng-tools when provisioning those test VMs.

Copying here, accidentally sent an email to dev instead of commenting on the ticket.

I'm confused by the inclusion of rng-tools into the Vagrant VM. Is your intent to expose the hardware RNG on the host machine to the VM and use rng-tools daemon to seed the entropy pool using that hardware RNG from the host?

If your hypervisor doesn't support passthorugh of a hardware RNG or your server doesn't have one, you can use http://www.issihosts.com/haveged/ to generate entropy to be used in VM's.

Julien Eid
added a comment - 23/Jun/14 18:18 Copying here, accidentally sent an email to dev instead of commenting on the ticket.
I'm confused by the inclusion of rng-tools into the Vagrant VM. Is your intent to expose the hardware RNG on the host machine to the VM and use rng-tools daemon to seed the entropy pool using that hardware RNG from the host?
If your hypervisor doesn't support passthorugh of a hardware RNG or your server doesn't have one, you can use http://www.issihosts.com/haveged/ to generate entropy to be used in VM's.

Hi Julien Eid, actually haveged is the first tool I tried to solve this and it also works well during my test.
But after doing some investigation I found that rng-tools have less setup steps and is more common than haveged, for example, rng-tools is built-in in our default vagrant box.
Since the intention of this Jira is to move the blocking rock out of the road when we're going to test our puppet recipes or providing a sample hadoop environment. So I would say that keeping things simpler is better.
Another thought in my mind is that the we don't know when will the download link of haveged out of available in the future, and since haveged is in GPL license, we probably can not store it as one of our provisioning library.
Please feel free to correct me if I get anything wrong

Evans Ye
added a comment - 24/Jun/14 06:41 Hi Julien Eid , actually haveged is the first tool I tried to solve this and it also works well during my test.
But after doing some investigation I found that rng-tools have less setup steps and is more common than haveged, for example, rng-tools is built-in in our default vagrant box.
Since the intention of this Jira is to move the blocking rock out of the road when we're going to test our puppet recipes or providing a sample hadoop environment. So I would say that keeping things simpler is better.
Another thought in my mind is that the we don't know when will the download link of haveged out of available in the future, and since haveged is in GPL license, we probably can not store it as one of our provisioning library.
Please feel free to correct me if I get anything wrong